Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-21224 PoC — 浪潮 Inspur ClusterEngine 参数注入漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/inspur-clusterengine-rce.yaml
Associated Vulnerability
Title:浪潮 Inspur ClusterEngine 参数注入漏洞 (CVE-2020-21224)
Description:浪潮 Inspur ClusterEngine是中国浪潮公司的一个应用软件。提供管理集群系统中软硬件提交的作业。 Inspur ClusterEngine V4.0 存在安全漏洞,远程攻击者可利用该漏洞可以向控制服务器发送恶意登录报文。
Description
Inspur Clusterengine V4 SYSshell was found and allows remote command execution by design.
File Snapshot

 id: inspur-clusterengine-rce

info:
  name: Inspur Clusterengine V4 SYSshell - Remote Command Execut

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.